allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
apiVersion: security.openshift.io/v1
defaultAddCapabilities:
- CAP_SETFCAP
fsGroup:
  type: RunAsAny
groups:
- system:cluster-admins
users:
- system:serviceaccount:coreos-ci:coreos-ci-sa
kind: SecurityContextConstraints
metadata:
  annotations:
    kubernetes.io/description: custom scc for anyuid + CAP_SETFCAP defaultAddCapability
  name: coreos-ci-anyuid-setfcap
priority: 10
readOnlyRootFilesystem: false
requiredDropCapabilities:
- MKNOD
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret

